apache: add fix for CVE-2014-0117 Security Advisory

The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy.  In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.

Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.

Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
index 573cd6fb00..d79d40bd2c 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb
@@ -19,7 +19,9 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \
            file://0001-configure-use-pkg-config-for-PCRE-detection.patch \
            file://init \
            file://apache2-volatile.conf \
-           file://apache2.service"
+           file://apache2.service \
+           file://apache-CVE-2014-0117.patch \
+          "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83"
 SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156"